Analysis

  • max time kernel
    179s
  • max time network
    183s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 04:51

General

  • Target

    a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk

  • Size

    11.4MB

  • MD5

    a80e800b3cbf913beb0640e52aed4748

  • SHA1

    bc8033b80ddbfa77fd2e7918606b0e9c4cd1378d

  • SHA256

    549c105b7d69f9638fdde3b93531398e6ebaa2c7cf45b9af143d35bafd762ca7

  • SHA512

    a6f9821c74c9758e3c4c219be202c3920ec05075145aa36837182310b75727c9f303172b641180c705cb66b767ff6c79bc8594f47c0a62c977178cb6e78b615b

  • SSDEEP

    196608:RJQC3NTj6yLtQAxJH1HFy7hEIz7qVyGYfmrfJDqsYYZdk98zde:RfTmyx1HFy1E27cY+4DiZzde

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Acquires the wake lock 2 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.travel.koubei
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4254
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4373
    • com.travel.koubei:pushservice
      1⤵
      • Queries information about running processes on the device
      • Acquires the wake lock
      • Queries information about active data network
      • Queries information about the current Wi-Fi connection
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      PID:4319
    • io.rong.push
      1⤵
      • Queries information about running processes on the device
      • Acquires the wake lock
      • Queries information about active data network
      • Queries information about the current Wi-Fi connection
      PID:4446

Network

MITRE ATT&CK Matrix

Downloads

    • /data/data/com.travel.koubei/app_td-cache/tdappcpa
      Filesize

      578B

      MD5

      3f040f65f46e3c6eb6ebf9f96e1022b1

      SHA1

      374f554add6d781c85904caf175c91b89ea135c1

      SHA256

      6557f342cc8637f1bb9d287c44996123cbe689983a06a31e59e458d9bf0bfcc9

      SHA512

      50f90ecd2db6c178f3c471af923cbf42da80bd2bc3095b989db66f62e5085cf68fa6762d6ac49ea48bd00b1e57f6de443ff5fabf20aa5a622fa42b7ac7efa522

    • /data/data/com.travel.koubei/databases/mta.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    • /data/data/com.travel.koubei/databases/mta.db-journal
      Filesize

      120KB

      MD5

      019a1efa2161742c290b45242d00a6b1

      SHA1

      987da7b69310d8d9f7e65aaf154038b8ed7400d9

      SHA256

      2e954d0e6ae8d565b63f3c5c661dd0cc39292d6d72c707646a0ee6cc00901908

      SHA512

      08c9c91f6e8da62ed9316ac4baa8b910cca7352d85bc39737bba467cdee71aeb43d678b9114920b56caa27a5c774d7605b989a2f2c050ec8b772bbcaeff00856

    • /data/data/com.travel.koubei/databases/mta.db-shm
      Filesize

      32KB

      MD5

      64d61dd170fef2a6241b833fc022e99b

      SHA1

      b70b8d3638d8d7ad5a822a4ec6ce31ef2e63ee5f

      SHA256

      a450e222d928102ead4121ce61acc67294f3171fadd0288908070fc8bf9b516b

      SHA512

      55475c6dca79833ed5d3a237c6ae0495ecd9db33de1835cc0a7159f651a7be9d3e6eabb784be0d280b0c26162609488c01347e425c335b7c8c253659e891ef08

    • /data/data/com.travel.koubei/databases/mta.db-wal
      Filesize

      193KB

      MD5

      5395c42879a2d95b5eb9c8eca3450167

      SHA1

      78efed9500d324df40e73d93458313ac8fc8bd4c

      SHA256

      cc75e1090e972071cac7903c9f2ffc1c4badaad9be30d2bb43d70c63179e61a4

      SHA512

      0a01c75050f0477d343c092cbbc5b851ba1ee53db2d07496e9e7efd5050b7cf0b302b100ae9951ae45caecad84362befbcee769ddac90782192499a1e1f90872

    • /data/data/com.travel.koubei/databases/pri_tencent_analysis.db-journal
      Filesize

      512B

      MD5

      9e5f553b97777cf19acfc7036cb744e9

      SHA1

      5bf7e9b9ed4b519b62ece89d99ee9c6af4e4a0b5

      SHA256

      6790c37f2e8243e792ce60c15d9c974bf6fde32dc9f8de0db69f79c49f0caf98

      SHA512

      c24f622939c6617b56f785112ffb853fd9f065331dbae318b0dbba068a6f4ea78a93288a4d6b95bcba2c5eed6c3d208fcf7478629e72acfabec701dae5bc5c0c

    • /data/data/com.travel.koubei/databases/pri_tencent_analysis.db-wal
      Filesize

      56KB

      MD5

      b67be6f2dfb10d6a8790e9b81c06544e

      SHA1

      8716f28a1020c7125af84869dfd849dbc4be1c6e

      SHA256

      872e450da718cf3efb8a126190604752d99df4b8741d295bddd0c804548c39b6

      SHA512

      54cd329b67262c854904d971856099b27ea01402e88499bb8186b4cd2c788114f864419dd0dac3202633dc13c158c38b60b8edb6a5cd02bae592a8cb6a4f8087

    • /data/data/com.travel.koubei/databases/rong_version-journal
      Filesize

      512B

      MD5

      abe57927253f77fb0206db3ee4950437

      SHA1

      479e84fe752aeed6d533915878a0fb3c0fabd150

      SHA256

      b6c0dcb1adb7a8e64c84a15ff7a8daa0c11b20d3d2b9425d9352babc22841e2d

      SHA512

      de5490cee8bab78129d40883531be414f26aa4e2e0a4a06dd1f643af058c69af9401c8f2a4b931ef306cac2c39d990706cddcc70d7ea1ec5da3c1aed033970e4

    • /data/data/com.travel.koubei/databases/rong_version-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    • /data/data/com.travel.koubei/databases/rong_version-wal
      Filesize

      80KB

      MD5

      06d9bbafef6f676dcef92760e6f24fc8

      SHA1

      0ad66d415c85bc9ddb4fcb71df7916d1ad7542e8

      SHA256

      0521b83c649b44d3e57aef1771140f71e9a735c58462a0a5e9d61ff82b77a8c1

      SHA512

      ec8fa5dbacaf7ecb518961e7747f0357dbcea1e0e4699e24e7c3b6d2267487bfda567e2f9a686a2fe4860fb977c2609044ee30899a3472f4dd6ae75aa41126fe

    • /data/data/com.travel.koubei/databases/tencent_analysis.db-journal
      Filesize

      512B

      MD5

      f2c05dea23752013259e26561bf9d19e

      SHA1

      1d56446139d064d65c1ef14d2da6b616e6095bf2

      SHA256

      d527437dccc804ee6a68f4e9fee5c1f7d844c43901841160eb161f506a25b950

      SHA512

      4a7326aff174e2529d81d8c7ca43c0a5dfe3f1ad874f30c6814274a03ea01cae4dbf56ade4a9f1ed8779ae8627bc64f21779b3a9845f497a38b5bdfc9e67d61e

    • /data/data/com.travel.koubei/databases/tencent_analysis.db-wal
      Filesize

      92KB

      MD5

      f1eb4672e17d5f481e1d5b1292358755

      SHA1

      6aeb4fa7a7345b5682a87eae0fe6a35fbc2c4094

      SHA256

      3fbe88bd2052d809a74ec43c598c633d0a742384aad1b42720fa5d14fa776b87

      SHA512

      7cc22a2477f03c124007318344b439a48069bad902e191773e3d9f5b607ab95b7c481848c2f0fc88ea3d67bb71fb78a2163a84410394b56ba6c920e6126e0f2c

    • /data/data/com.travel.koubei/files/mobclick_agent_cached_com.travel.koubei27
      Filesize

      591B

      MD5

      4bd0a136dcf395778d664d92ea9076e0

      SHA1

      ae8840f8fb929158c8f63c970aec58c3b2c53f47

      SHA256

      9cb6f6e035db60d4a4bbde25a5f7f297eaa41564fcfc178687ca69a9b42e99cb

      SHA512

      bdd98ddd383413cc1cf773e62becad7fe965d64d2186cf62b2f9724e528276cafb6f87083a84d7b08b20bf0c768c8e9e4ca20ffc5476f3cd547a8ae1ab02cd31

    • /data/data/com.travel.koubei/files/mobclick_agent_sealed_com.travel.koubei
      Filesize

      550B

      MD5

      6eb3cc89ec06f911e1808509e015242a

      SHA1

      1709b5932afba28452bb4b539c493e8e60c931fe

      SHA256

      fa6a2ec75cd69d7e3f36e11a5ecad0025587f5dfbb200a6acebdb388cb7bf739

      SHA512

      e3f7c49dd94a0c6ef1862a1e1b51d2b6400c213574324c395465a3d50990d8425cfef36a509986b7f346589425e3ea5b2cec6068369645227db26a38657905a0

    • /data/data/com.travel.koubei/files/umeng_it.cache
      Filesize

      211B

      MD5

      2c798e87fd3311ae8b68b02668048297

      SHA1

      f8f5c9b819ab7ad8c18a29d9c2a253dbdbea8365

      SHA256

      ddd95292b7243bffdb8c68e11e89b1c59d1f8bd331ff399ab74fc198ed4d5805

      SHA512

      6dcdc48c992fb14adfec3fbc7d42f14767698a1a13c89f8e71cad76d74922e384c4fd3fd16abf6908ea799957b3be05329ef8c50eeb0bb4c436b1eb3cec450a7

    • /storage/emulated/0/Android/data/com.travel.koubei/cache/http/2ab9f239fb129be9eb26c1d00b022baf.0.tmp
      Filesize

      278B

      MD5

      51c9f38e380e3b7f705fbc411792ff07

      SHA1

      fded7602f098f4b23bbab7b0e94d0aed7bcfd1e1

      SHA256

      4fcf789ba9f2ca3692091fa785a1e0077a87de417b0dd6d04f21289a5aaec59f

      SHA512

      24a5b15ef93b94f7afb0c71f7a6a28dd4116fd167f8c382ac30cf56b01a3904518c42f0834e0f870c4528639454610a91637a2b1c0c7c61f23272d37a327a407

    • /storage/emulated/0/Android/data/com.travel.koubei/cache/http/304d4c9a72d8b8d2c0b3dedc2ac3dc6b.0.tmp
      Filesize

      281B

      MD5

      fed01292a10987ea5da4c0dd1c95a32f

      SHA1

      858c60583814aa6d72b033084510b1383c584a45

      SHA256

      e072c178256310de4e30dac8a9822f1c068e7b1b5219c0760ef6ffa3928766e7

      SHA512

      718469b8beea74fda8ae97f5c730c60c5d4324250e4807de3f0a8d4057d9ae1e4d21e8155529fbe008f034118625e50b4dba91ddf956213ebb75ab9447090812

    • /storage/emulated/0/Android/data/com.travel.koubei/cache/http/journal
      Filesize

      114B

      MD5

      72c1e42698debfdbebc1ef854f06c6b0

      SHA1

      fa28934e50ee9453aabd08e679af8d7eb72f569f

      SHA256

      041576f84506e8eb2d491a2be14f8c859f451a95e24a318ebb4ee7076f8e9889

      SHA512

      6b8104bd28a5a4d065d1d4776f138733f4d56f10b3d25445f4a5c0c6105dbef78813627393e9f143af459a42cf29115e5f4fa870b7110db134bb7edd3d187def

    • /storage/emulated/0/Android/data/com.travel.koubei/cache/http/journal.tmp
      Filesize

      36B

      MD5

      37e8e716e0e2f4a0b05cd9571d95b84d

      SHA1

      f8d068f6931707bddb8cd69f706f2224ad1fea3c

      SHA256

      7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

      SHA512

      e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

    • /storage/emulated/0/Android/data/com.travel.koubei/files/RongCloud/cache/journal.tmp
      Filesize

      31B

      MD5

      8c8bcb7d36cb5a71729c00c4e7f2d330

      SHA1

      a352667c61dc45f43cae74a7102fa692fba98d3e

      SHA256

      fddce724f39edc9ae1df4f8920e512cfd0fe3a9017b32031f1ca0e9ec06a1150

      SHA512

      4589f9c835a12ddaa04617822b93aba809aa85b392dc8596d47368a31648c542a0eb96643ca3a8d21d31aa1a790580a3258afdc3d202d31c5a324a4b591ccb62